File Upload Vulnerability in Cisco ISE Affects Administrators

CVE-2023-20196

Summary

Cisco Identity Services Engine (ISE) is impacted by vulnerabilities that enable authenticated remote attackers to upload arbitrary files. The root cause lies in inadequate validation of uploaded files through the web-based management interface. By exploiting these vulnerabilities, an attacker with valid Administrator credentials can upload specially crafted files, potentially allowing the storage of malicious content in designated directories. This could facilitate further attacks, including executing arbitrary code on the device with elevated privileges, making it essential for administrators to secure their systems against these threats.

References